review.tizen.org Git - platform/kernel/linux-rpi.git/commit

author	Christoph Hellwig <hch@lst.de>
	Thu, 17 Jan 2019 16:58:58 +0000 (08:58 -0800)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 13 Mar 2019 21:02:29 +0000 (14:02 -0700)
commit	d9ba842efdf068c53095b15f68377327259c3d16
tree	541b121059059580596d871ae6caf57ae6f53bf8	tree \| snapshot
parent	d23792f53f0de5706520f1302a8a4143e13a1680	commit \| diff

iomap: fix a use after free in iomap_dio_rw

[ Upstream commit 4ea899ead2786a30aaa8181fefa81a3df4ad28f6 ]

Introduce a local wait_for_completion variable to avoid an access to the
potentially freed dio struture after dropping the last reference count.

Also use the chance to document the completion behavior to make the
refcounting clear to the reader of the code.

Fixes: ff6a9292e6 ("iomap: implement direct I/O")
Reported-by: Chandan Rajendra <chandan@linux.ibm.com>
Reported-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Tested-by: Chandan Rajendra <chandan@linux.ibm.com>
Tested-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>